Symantec Endpoint Protection (SEP) 12.1 RU1 has a conflict with Citrix Profile Management 4.0

Article:TECH179407  |  Created: 2012-01-19  |  Updated: 2012-11-19  |  Article URL http://www.symantec.com/docs/TECH179407
Article Type
Technical Solution


Issue



A number of applications such as Microsoft Power Point, Microsoft Word, Microsoft Excel may not show up in the Windows taskbar once they are minimized. In certain cases explorer.exe (My Computer) may stop responding.

The issue persists even after disabling various SEP 12.1 components such as Insight, AutoProtect or Application and Device Control (ADC). Removing Proactive Threat Protection (PTP) does not resolve the issue.

When you disable the Citrix Profile Management 4.0 service, the issue is resolved.


Environment



Operating System: Microsoft Windows 7 Enterprise Edition, 32-bit or 64-bit with Service Pack 1. Other operating systems may be impacted.

Symantec Endpoint Protection 12.1 (12.1.1000.157)

 


Cause



SEP 12.1's BASH (Behavior Analysis and System Heuristics) driver remains functional even after removing Proactive Threat Protection.  BASH provides the underlying technology for a number of SEP features, and is not limited to Proactive Threat Protection.

Older releases of this BASH had a conflict with Citrix Profile Management or one of its filter drivers.


Solution



The latest available BASH driver has resolved this reported conflict.  Run LiveUpdate on the SEP client to download the latest version of this component.

As a workaround, the BASH driver can be disabled via a command prompt (with local administrator privileges):

  • 32-bit Windows: "sc config bhdrvx86 start= disabled" (without the quotes)
  • 64-bit Windows: "sc config bhdrvx64 start= disabled" (without the quotes)

Restart the system once you have successfully completed the command.

To re-enable BASH, please repeat the same command used to disable it, but replace "disabled" with "system". The machine will need to be restarted for the change to take effect.

To confirm if BASH is running, please use either "sc query bhdrvx86" or "sc query bhdrvx64".

As a best practice, ensure that Citrix-related exclusions are in place.


Supplemental Materials

SourceETrack
Value2682288



Article URL http://www.symantec.com/docs/TECH179407


Terms of use for this information are found in Legal Notices